MCP Server
The Control Zero MCP server lets you manage governance directly from AI coding clients. Create projects, define policies, review audit logs, and manage secrets, all without leaving your editor.
What It Does
The MCP server exposes Control Zero's management API as MCP tools. Any MCP-compatible client can call these tools, giving your AI coding assistant full access to your governance configuration.
Use cases:
- Ask your AI assistant to create a new policy for your project
- Review recent audit log entries from your editor
- Manage secrets and API keys without switching to the dashboard
- Scan projects for governance gaps inline
Installation
npx @controlzero/mcp-server
The server starts on stdio transport by default, which is what most MCP clients expect.
Client Configuration
Claude Desktop
Add to your Claude Desktop configuration file (claude_desktop_config.json):
{
"mcpServers": {
"controlzero": {
"command": "npx",
"args": ["@controlzero/mcp-server"],
"env": {
"CZ_API_KEY": "cz_live_your_key_here"
}
}
}
}
Claude Code
Add to your Claude Code MCP configuration:
{
"mcpServers": {
"controlzero": {
"command": "npx",
"args": ["@controlzero/mcp-server"],
"env": {
"CZ_API_KEY": "cz_live_your_key_here"
}
}
}
}
Cursor
In Cursor settings, navigate to MCP Servers and add:
{
"controlzero": {
"command": "npx",
"args": ["@controlzero/mcp-server"],
"env": {
"CZ_API_KEY": "cz_live_your_key_here"
}
}
}
Windsurf
Add to your Windsurf MCP configuration:
{
"mcpServers": {
"controlzero": {
"command": "npx",
"args": ["@controlzero/mcp-server"],
"env": {
"CZ_API_KEY": "cz_live_your_key_here"
}
}
}
}
VS Code
Add to your VS Code MCP settings (.vscode/mcp.json):
{
"servers": {
"controlzero": {
"command": "npx",
"args": ["@controlzero/mcp-server"],
"env": {
"CZ_API_KEY": "cz_live_your_key_here"
}
}
}
}
Gemini CLI
Add to your Gemini CLI MCP configuration:
{
"mcpServers": {
"controlzero": {
"command": "npx",
"args": ["@controlzero/mcp-server"],
"env": {
"CZ_API_KEY": "cz_live_your_key_here"
}
}
}
}
Available Tools
The MCP server exposes 19 tools for managing your Control Zero governance:
Project Management
| Tool | Description |
|---|---|
list_projects | List all projects in your organization |
get_project | Get details for a specific project |
create_project | Create a new project |
update_project | Update project settings |
delete_project | Delete a project |
Policy Management
| Tool | Description |
|---|---|
list_policies | List all policies for a project |
get_policy | Get a specific policy by ID |
create_policy | Create a new policy with rules |
update_policy | Update an existing policy |
delete_policy | Delete a policy |
publish_policy | Publish a policy to make it active |
Audit Logs
| Tool | Description |
|---|---|
list_audit_logs | Query audit log entries with filters |
get_audit_summary | Get a summary of recent audit activity |
Secrets Management
| Tool | Description |
|---|---|
list_secrets | List secrets for a project (metadata only) |
create_secret | Store a new encrypted secret |
delete_secret | Delete a secret |
API Keys
| Tool | Description |
|---|---|
list_api_keys | List API keys for a project |
create_api_key | Generate a new API key |
revoke_api_key | Revoke an existing API key |
Example Usage
Once configured, you can interact with Control Zero through natural language in your AI coding client:
Create a policy:
"Create a Control Zero policy called 'read-only-agent' that allows database:query but denies database:execute and database:delete for the project my-agent."
Review audit logs:
"Show me the last 10 denied actions in the audit log for project my-agent."
Manage secrets:
"List all secrets stored in my Control Zero project."
Check project status:
"What policies are active in my production-agents project?"
Authentication
The MCP server authenticates using your Control Zero API key. Pass it via the CZ_API_KEY environment variable in your client configuration.
For organization-level operations (listing projects, creating projects), use an organization token. For project-scoped operations, a project API key is sufficient.
Related
- MCP Tool Control: Govern MCP tool access with policies.
- MCP Integration: MCP integration overview.
- API Reference: Full API documentation.
- CLI Scanner: Scan projects for governance gaps.